Registry Access
MiHCM packages are public npm packages under @mihcm/*. Consumers do not need a GitHub personal access token, package token, or project .npmrc.
Access Model
| Channel | Status |
|---|---|
| Public npm | Current public package registry. |
| GitHub Packages | Legacy/internal-only channel; do not use for community installs. |
| Copy-paste CLI | Supported for selected primitives through @mihcm/cli add. |
Local Developer Setup
Install from the default npm registry:
pnpm add @mihcm/ui @mihcm/theme @mihcm/tokens @mihcm/iconsCI Consumer Setup
CI does not need package auth for MiHCM installs. Use the normal lockfile install:
- run: corepack enable
- run: pnpm install --frozen-lockfileOnly add npm authentication if your application also depends on other private packages.
Verification
These commands should work without an auth token:
pnpm view @mihcm/theme version
pnpm view @mihcm/ui version
pnpm install --frozen-lockfileTroubleshooting
| Error | Meaning | Fix |
|---|---|---|
ERR_PNPM_FETCH_401 or 403 from npm.pkg.github.com | A user/project .npmrc still routes MiHCM packages to GitHub Packages | Remove @mihcm:registry=https://npm.pkg.github.com and legacy @yashiel:registry=https://npm.pkg.github.com lines from project and user npm config. |
E404 Not Found from registry.npmjs.org | Package name typo or old lockfile registry metadata | Confirm the package name and refresh the lockfile. |
| Works locally but not CI | CI has a stale .npmrc or cache | Remove the GitHub Packages override and clear the package-manager cache. |
Publishing Boundary
The source repository stays private. Package publishing is maintainer-only through the release workflow and public npm trusted publishing/provenance. Consumers should never need publish tokens.